productDev/zbomyoujia.git

			@@ -1,17 +1,20 @@
			package com.doumee.config.Jwt;

			import com.alibaba.fastjson.JSONObject;
			import com.doumee.biz.system.SystemDictDataBiz;
			import com.doumee.config.annotation.ErpLoginRequired;
			import com.doumee.biz.zbom.model.zhongtai.ZTConstants;
			import com.doumee.config.annotation.UserLoginRequired;
			import com.doumee.config.annotation.LoginRequired;
			import com.doumee.core.constants.ResponseStatus;
			import com.doumee.core.exception.BusinessException;
			import com.doumee.core.utils.Constants;
			import com.doumee.core.utils.redis.RedisUtil;
			import com.doumee.dao.business.model.Member;
			import com.doumee.dao.business.model.Users;
			import io.jsonwebtoken.JwtException;
			import org.apache.commons.lang3.StringUtils;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.boot.web.servlet.FilterRegistrationBean;
			import org.springframework.beans.factory.annotation.Value;
			import org.springframework.context.annotation.Bean;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.data.redis.core.RedisTemplate;
			@@ -25,7 +28,6 @@

			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpServletResponse;
			import java.lang.reflect.Method;
			import java.util.Objects;

			@Configuration
			@@ -40,6 +42,12 @@

			@Autowired
			private RedisTemplate<String,Object> redisTemplate;

			/**
			* 是否开发者
			*/
			@Value("${debug_model}")
			private Boolean isDebug;

			/**
			* 添加拦截器
			@@ -57,62 +65,82 @@
			HandlerMethod handlerMethod = (HandlerMethod) handler;

			Class<?> beanType = handlerMethod.getBeanType();

			// Method method = handlerMethod.getMethod();

			// 有 @LoginRequired 注解，需要登录认证
			if (beanType.isAnnotationPresent(LoginRequired.class) \|\| handlerMethod.hasMethodAnnotation(LoginRequired.class)) {
			//获取token
			String token = request.getHeader(JwtTokenUtil.HEADER_KEY); // 从 http 请求头中取出 token
			if (StringUtils.isNotBlank(token)) {
			checkLogin(request,response);
			} else {
			throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");
			}
			} else if(beanType.isAnnotationPresent(ErpLoginRequired.class) \|\| handlerMethod.hasMethodAnnotation(ErpLoginRequired.class)){
			try {
			//ERP 业务注解
			String token = request.getHeader(JwtTokenUtil.HEADER_KEY);
			String redisToken = RedisUtil.getObject(redisTemplate,Constants.RedisKeys.ERP_TOKEN,String.class);
			if(StringUtils.isBlank(redisToken)\|\|!token.equals(redisToken)){
			throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"授权已失效");
			}
			request.setAttribute(JwtTokenUtil.HEADER_KEY,token);
			} catch (IllegalArgumentException \| JwtException e) {
			throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"授权已失效");
			}
			// request.setAttribute("token", token);
			Boolean checkFlag = false;
			if(!( handlerMethod.hasMethodAnnotation(LoginRequired.class) \|\| handlerMethod.hasMethodAnnotation(UserLoginRequired.class))
			){
			return true;
			}
			String token = request.getHeader(JwtTokenUtil.HEADER_KEY);
			if(StringUtils.isBlank(token)){
			throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");
			}
			if (handlerMethod.hasMethodAnnotation(LoginRequired.class)) {
			checkFlag = checkLogin(request,response,token);
			}
			if(!checkFlag && handlerMethod.hasMethodAnnotation(UserLoginRequired.class)){
			checkFlag = checkPersonnelLogin(request,response,token);
			}
			if(!checkFlag){
			throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");
			}
			return true;
			}
			};
			registry.addInterceptor(TokenInterceptor).addPathPatterns("/web/","/visitbiz/");
			registry.addInterceptor(TokenInterceptor).addPathPatterns("/web/**");
			}



			public Boolean checkLogin(HttpServletRequest request, HttpServletResponse response){
			String token = request.getHeader(JwtTokenUtil.HEADER_KEY);
			public Boolean checkLogin(HttpServletRequest request, HttpServletResponse response,String token){
			try {
			//判断Token是否超时
			boolean expiration = JwtTokenUtil.isTokenExpired(token);
			if (expiration) {
			throw new BusinessException(ResponseStatus.TOKEN_EXCEED_TIME.getCode(),"长时间未操作,请重新登录");
			String tokenRedis = (String) redisTemplate.opsForValue().get(ZTConstants.CUSTOMER+"_"+token);
			if(StringUtils.isBlank(tokenRedis)){
			return false;
			}
			//获取账号ID
			String memberId = JwtTokenUtil.getJwtPayLoad(token).getMemberId();
			Member member = dao.queryForObject(" select * from `member` where id = ? limit 1 ", new BeanPropertyRowMapper<>(Member.class),memberId );
			Long memberId = getTokenId(token);
			Member member = dao.queryForObject(" select * from `member` where id = ? limit 1 ", new BeanPropertyRowMapper<>(Member.class),memberId);
			if(Objects.isNull(member)){
			throw new BusinessException(ResponseStatus.DATA_EMPTY);
			}
			if(member.getIsdeleted()== Constants.ONE){
			throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户已删除,请联系管理员");
			if(Objects.isNull(member.getOpenid())){
			throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户已注销,请重新登录");
			}
			if(member.getStatus() != Constants.ZERO){
			throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户已禁用,请联系管理员");
			if(Constants.equalsInteger(member.getIsdeleted(),Constants.ONE)){
			throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户已删除,请联系管理员");
			}
			if(!Constants.equalsInteger(member.getStatus(),Constants.ZERO)){
			throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户已禁用,请联系管理员");
			}
			request.setAttribute(JwtTokenUtil.UserId_Name, memberId);
			request.setAttribute(JwtTokenUtil.MEMBER, member);
			request.setAttribute(JwtTokenUtil.UserType, ZTConstants.CUSTOMER);
			request.setAttribute(JwtTokenUtil.HEADER_KEY, ZTConstants.CUSTOMER+"_"+token);
			request.setAttribute(JwtTokenUtil.UserInfo, tokenRedis);
			return true;
			} catch (IllegalArgumentException \| JwtException e) {
			throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");
			}
			}

			public Boolean checkPersonnelLogin(HttpServletRequest request, HttpServletResponse response,String token){
			try {
			String tokenRedis = (String) redisTemplate.opsForValue().get(ZTConstants.BUSINESS+"_"+token);
			if(StringUtils.isBlank(tokenRedis)){
			return false;
			}
			Long userId = getTokenId(token);
			Users users = dao.queryForObject(" select * from `users` where id = ? limit 1 ", new BeanPropertyRowMapper<>(Users.class),userId);
			if(Objects.isNull(users)){
			throw new BusinessException(ResponseStatus.DATA_EMPTY);
			}
			if(Constants.equalsInteger(users.getIsdeleted(),Constants.ONE)){
			throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户已删除,请联系管理员");
			}
			if(!StringUtils.equals(users.getStatus(),Constants.ONE+"")){
			throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户状态异常,请重新登录");
			}
			request.setAttribute(JwtTokenUtil.UserId_Name, userId);
			request.setAttribute(JwtTokenUtil.UserType, ZTConstants.BUSINESS);
			request.setAttribute(JwtTokenUtil.HEADER_KEY, ZTConstants.CUSTOMER+"_"+token);
			request.setAttribute(JwtTokenUtil.UserInfo, tokenRedis);
			return true;
			} catch (IllegalArgumentException \| JwtException e) {
			throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");
			@@ -124,5 +152,14 @@
			return new RestTemplate();
			}

			public Long getTokenId(String token){
			try {
			Integer lastIndex = token.lastIndexOf("_")+1;
			Long tokenId = Long.valueOf(token.substring(lastIndex));
			return tokenId;
			}catch (Exception e){
			throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");
			}
			}

			}